Conversation
Walkthrough
The PR updates the German and English managed-terms documents: the effective date is changed to May 2026; §3.10 clarifies subcontractor performance and equates provider liability for subcontractors with liability for own actions; a new §3.11 permits collection/processing/storage of aggregated, non-personal usage/technical data (explicitly excluding personal data and prohibiting third‑party disclosure; subcontractors subject to equivalent confidentiality/data-protection duties); typographic/diacritic normalizations; §6.7’s internal fee cross-reference changed from §13 to §14; §8 (reference marketing) reworded; new §9 (customer communication) added; subsequent paragraphs renumbered so final clauses become §§17–19.
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~20 minutes
🚥 Pre-merge checks | ✅ 4 | ❌ 1
❌ Failed checks (1 inconclusive)
✅ Passed checks (4 passed)
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@content/hub-managed-terms.de.md`:
- Around line 112-114: Sections 8.1 and 8.2 conflict: 8.1 treats reference use
as based on "ausdrückliche Zustimmung" while 8.2 limits withdrawal to "wichtiger
Grund" and allows provider's overriding "berechtigtes Interesse"; choose one
lawful basis and make both clauses consistent—either (A) keep consent: change
8.2 to state the customer may withdraw the consent at any time by emailing
hub-support@cryptomator.org and that withdrawal applies prospectively without
requiring a "wichtiger Grund" or provider override, or (B) switch 8.1 to rely on
"berechtigtes Interesse" and reword 8.1 to explicitly cite the legitimate
interest and change 8.2 to reflect a limited right to object according to GDPR
rules (including the provider's ability to override if their legitimate interest
prevails); update the wording in both 8.1 and 8.2 to reflect the chosen approach
and remove the inconsistent phrases ("ausdrückliche Zustimmung" vs. "wichtiger
Grund"/"überwiegt").
- Line 47: The text in §3.11 contradicts §3.10: §3.11 prohibits any disclosure
to third parties, while §3.10 permits the use of subcontractors; adjust §3.11 so
that it explicitly allows aggregated, non-personal usage and telemetry data to
be processed by subcontractors within the meaning of §3.10 (e.g. by adding
something like "sofern dies gemäß §3.10 durch vertraglich verpflichtete
Subunternehmer erfolgt, die denselben Vertraulichkeits- und Datenschutzpflichten
unterliegen"), or add an exception clause that clarifies which third-party
recipients (e.g. subcontractors, hosting/analytics service providers) are
permitted and that personal data remains excluded; reference contract sections
§3.10 and §3.11 in the draft text change.
In `@content/hub-managed-terms.en.md`:
- Around line 116-118: Sections "8.1" and "8.2" are inconsistent because 8.1
frames use of the Customer as a reference on "express consent" while 8.2
restricts revocation to "good cause" and defers to the Provider's legitimate
interest; choose one legal basis and make both clauses consistent: either (A)
keep "express consent" in 8.1 and remove the "for good cause" and "unless the
Provider's legitimate interest prevails" language from 8.2 so revocation by
email to hub-support@cryptomator.org is unconditional and prospective, or (B)
change 8.1 to state the Provider relies on a "legitimate interest" (not consent)
and adjust 8.2 to reflect that revocation is only effective if the Customer
demonstrates overriding interests (keeping the "unless the Provider's legitimate
interest prevails" wording); update the text of 8.1 and 8.2 accordingly so they
consistently reference the chosen legal basis.
- Line 50: §3.11 currently forbids disclosure of telemetry to third parties but
§3.10 allows subcontractors, creating a contractual inconsistency; update §3.11
to state that telemetry is only shared with third-party subprocessors engaged
under §3.10 and bound by equivalent confidentiality and data-processing
obligations, explicitly limit such sharing to aggregated, non-personal metrics
(no identifiers, emails, IPs, vault names), and require the Provider to ensure
subcontractors cannot re-identify data and are subject to the same security, use
restrictions and audit/contractual controls referenced in §3.10.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: ca15a149-420d-4b86-b312-f8ec2ed2c91b
📒 Files selected for processing (2)
content/hub-managed-terms.de.md
content/hub-managed-terms.en.md
Actionable comments posted: 4
♻️ Duplicate comments (1)
content/hub-managed-terms.de.md (1)
112-114: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift
§8 ties marketing consent to conclusion of the contract (compliance risk).
The wording in §8.1 reads like consent granted automatically upon conclusion of the contract rather than a separate, voluntary opt-in. This can make the validity of the consent for marketing purposes open to challenge.
Suggested mitigation
-8.1 Der Kunde erteilt mit Vertragsabschluss seine ausdrückliche Zustimmung, ... +8.1 Sofern der Kunde gesondert ausdrücklich eingewilligt hat, darf der Provider ...-8.2 Der Kunde kann die Zustimmung zum Referenzmarketing jederzeit per E-Mail ... +8.2 Die Einwilligung zum Referenzmarketing kann jederzeit per E-Mail ...🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@content/hub-managed-terms.de.md` around lines 112 - 114, change §8 so that marketing consent is not granted automatically upon conclusion of the contract: replace the wording in §8.1 with a separate, voluntary opt-in (e.g. “Der Kunde kann dem Provider gesondert und ausdrücklich in schriftlicher oder elektronischer Form zustimmen”), clearly state the purposes and types of processing (logo, name, case studies), limit the scope and duration of use, and add an unambiguous consent checkbox or a separate consent form/procedure; adjust §8.2 to clearly govern withdrawal and its effect (for the future only) as well as the process for handling withdrawal (e.g. contact method, deadline for removing references), and reference the changed opt-in procedure in the texts/methods (section markers §8.1/§8.2).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@content/hub-managed-terms.de.md`:
- Line 223: Typo in §17.3: replace the misspelled word "Stilschweigen" with the
correct "Stillschweigen" in the confidentiality clause (the paragraph beginning
"Der Provider verpflichtet sich, ... Stilschweigen zu bewahren"); update that
single token in the sentence and scan the surrounding sentence in the same
paragraph to ensure no other orthographic errors remain.
- Line 52: In section "4.2" (the sentence beginning "Der Kunde erhält an der
jeweils aktuellsten Version der Software..."), insert a comma after "Rechte" to
mark the infinitive construction ("...einfache, d. h. nicht unterlizenzierbare
und nicht übertragbare, zeitlich auf die Dauer des Vertrags beschränkte Rechte,
die Software mittels Zugriff über einen Browser...") or alternatively rephrase
the clause to explicitly introduce the Infinitivkonstruktion so the entitlement
to use the software is unambiguous; update the sentence around "Rechte die
Software mittels Zugriff über einen Browser" accordingly.
- Line 160: Section §14.5 contains a grammatical error: the phrase "Gesetz dem
Fall" should be corrected to the proper legal German "Für den Fall" (or "Sollte
der Fall eintreten") to make the clause grammatically and legally coherent;
update the sentence in §14.5 to read e.g. "Für den Fall, dass eine Mitteilung
seitens des Providers ohne sein Verschulden erst zu einem Zeitpunkt erfolgt, zu
welchem der Nutzer die ordentliche Kündigungsfrist bis zum Geltungszeitpunkt der
Preisanpassung nicht mehr einhalten kann, kann der Nutzer das Vertragsverhältnis
auf den Zeitpunkt des Wirksamwerdens der Preisanpassung kündigen." and verify
punctuation and flow with the rest of §14.5.
In `@content/hub-managed-terms.en.md`:
- Around line 116-119: Section 8.1 currently treats reference-marketing as
automatic "express consent" at contract conclusion; change this by moving the
reference-marketing clause out of the main contract acceptance into a separate
opt-in (e.g., new standalone clause or checkbox) or replace "consent" wording
with an alternative lawful basis and adjust wording accordingly; update related
text in 8.2 to reflect that consent can be withdrawn at any time and describe
the opt-in mechanism and contact (hub-support@cryptomator.org) so the Customer
explicitly chooses to be a reference (refer to sections "8.1", "8.2", the phrase
"express consent", and the contact email for locating and editing the copy).
---
Duplicate comments:
In `@content/hub-managed-terms.de.md`:
- Around line 112-114: Change §8 so that marketing consent is not granted
automatically upon conclusion of the contract: replace the wording in §8.1 with
a separate, voluntary opt-in (e.g. “Der Kunde kann dem Provider gesondert und
ausdrücklich in schriftlicher oder elektronischer Form zustimmen”), clearly
state the purposes and types of processing (logo, name, case studies), limit the
scope and duration of use, and add an unambiguous consent checkbox or a separate
consent form/procedure; adjust §8.2 to clearly govern withdrawal and its effect
(for the future only) as well as the process for handling withdrawal (e.g.
contact method, deadline for removing references), and reference the changed
opt-in procedure in the texts/methods (section markers §8.1/§8.2).
overheadhunter left a comment
§9 looks good. I assume the remaining changes just affect the paragraph numbering?
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Yes, exactly.
Actionable comments posted: 1
♻️ Duplicate comments (1)
content/hub-managed-terms.en.md (1)
116-119: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift
GDPR bundled-consent risk remains unaddressed.
The concern raised in the previous review about automatic "express consent" bundled into contract conclusion (§8.1) persists. Making reference-marketing consent automatic "upon conclusion of the contract" and "unlimited in terms of time and content" creates GDPR compliance risks:
- Not freely given: Bundling consent into contract acceptance may fail the GDPR "freely given" test (Art. 4(11), Recital 42).
- Not specific: "Unlimited in terms of...content" conflicts with GDPR's requirement for specific, informed consent (Art. 4(11)).
- Inconsistent model: Contrast with §9.1 which properly requires "separately consented" for customer communication.
The previous suggestion remains valid: either move §8 to a separate opt-in mechanism (like §9) or switch to a different legal basis (legitimate interest) with proper balancing and objection rights.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@content/hub-managed-terms.en.md` around lines 116 - 119, Section 8.1 creates bundled "express consent" on contract conclusion which risks GDPR non-compliance; change §8.1 to require an explicit, separate opt-in for reference marketing (e.g., "The Customer may opt in to be named and used as a reference customer by separately ticking an opt‑in or signing a dedicated clause") or alternatively replace the consent basis with a legitimate‑interest clause that includes a documented balancing test and a clear right to object, and update §8.2 to clarify that revocation/objection is effective prospectively and provide the specific opt‑out procedure; reference §8.1, §8.2 and §9.1 when making the change so the contract either moves reference-marketing into the separate opt‑in flow (like §9.1) or adopts legitimate interest with required safeguards.
🧹 Nitpick comments (3)
content/hub-managed-terms.de.md (1)
52-52: 💤 Low value
Consider harmonizing genitive forms for consistency.
The document uses both "des Vertrags" (lines 52, 169, 229, 231) and apparently "des Vertrages" elsewhere. While both genitive forms are grammatically correct in German, legal documents typically benefit from consistent terminology throughout.
Suggestion for uniformity
Choose one form and apply it consistently. If "des Vertrages" is used in earlier unchanged sections, consider updating these lines to match, or vice versa.
Also applies to: 169-169, 229-229, 231-231
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@content/hub-managed-terms.de.md` at line 52, the genitive forms are inconsistent: in the sentence "zeitlich auf die Dauer des Vertrags beschränkte Rechte" (currently in the line with "des Vertrags"), "des Vertrags" is used, while "des Vertrages" appears elsewhere; unify the terminology by replacing all occurrences of "des Vertrags" or "des Vertrages" throughout with the chosen form (e.g. set all to "des Vertrages"), and adjust the three other occurrences mentioned (lines with "des Vertrags"/"des Vertrages" at 169, 229, 231) accordingly, so that the file uses the same genitive form throughout.
content/hub-managed-terms.en.md (2)
158-158: 💤 Low value
Minor notation inconsistency in cross-reference.
Line 158 uses the notation "§ 6 (7)" while the actual subsection heading at line 100 uses "6.7". For consistency, consider using the same notation throughout:
-14.2 Contractual penalties forfeited by the Provider pursuant to [§ 6 (7)](`#sla`) shall be automatically offset against the payable fee on a monthly basis. +14.2 Contractual penalties forfeited by the Provider pursuant to [§ 6.7](`#sla`) shall be automatically offset against the payable fee on a monthly basis.The link will function correctly either way, but consistent notation improves readability.
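Review bot: the link text in the replacement 14.2 line reads "[§ 6.7]", while the instruction accompanying this suggestion asks for "[6.7]" to match the "6.7" subsection heading. Settle on one form and use it for both the cross-reference and the heading, keeping the `#sla` anchor unchanged.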
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@content/hub-managed-terms.en.md` at line 158, The cross-reference uses inconsistent notation: change "§ 6 (7)" in the sentence "Contractual penalties forfeited by the Provider pursuant to [§ 6 (7)](`#sla`)" to match the subsection heading notation "6.7" used elsewhere; update the link text to "[6.7](`#sla`)" (or alternatively change the heading to the § notation) so the anchor [`#sla`] remains the same and the document uses a consistent subsection format.
50-51: ⚡ Quick win
Consider adding data retention and verification safeguards for usage statistics.
§3.11 permits collection of aggregated, non-personal usage data and lists helpful exclusions (user identifiers, emails, IPs, vault names). To strengthen customer confidence and GDPR compliance:
- Retention period: Specify how long usage statistics are retained (e.g., "for no longer than necessary for the stated purposes, typically not exceeding 24 months").
- Verification mechanism: Consider adding a right for customers to request confirmation that collected data remains truly aggregated and non-personal.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@content/hub-managed-terms.en.md` around lines 50 - 51, Update §3.11 to add a retention limit and a verification right: amend the paragraph following "The Provider is entitled to collect..." to state aggregated usage statistics will be retained only as long as necessary and specify a maximum retention period (e.g., "not exceeding 24 months"), and add a sentence granting Customers the right to request confirmation that collected metrics remain aggregated and do not contain personal data (e.g., "Customers may request periodic certification or verification that data is aggregated and contains no personal identifiers"); reference §3.11 when adding these two short clauses and ensure subcontractor processing language remains unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@content/hub-managed-terms.en.md`:
- Around line 120-124: The document is inconsistent: §9 requires separate opt-in
consent for non-essential customer communication, while §8.1 currently treats
reference/marketing use as automatic; update §8.1 to require the same separate
opt-in and allow unconditional revocation like §9 (mirror the language and
scope/limitations used in §9), and ensure references to "marketing", "reference
customer" or "testimonials" in §8.1 include the same consent and revocation
mechanics as §9 to keep the consent model consistent.
---
Duplicate comments:
In `@content/hub-managed-terms.en.md`:
- Around line 116-119: Section 8.1 creates bundled "express consent" on contract
conclusion which risks GDPR non-compliance; change §8.1 to require an explicit,
separate opt-in for reference marketing (e.g., "The Customer may opt in to be
named and used as a reference customer by separately ticking an opt‑in or
signing a dedicated clause") or alternatively replace the consent basis with a
legitimate‑interest clause that includes a documented balancing test and a clear
right to object, and update §8.2 to clarify that revocation/objection is
effective prospectively and provide the specific opt‑out procedure; reference
§8.1, §8.2 and §9.1 when making the change so the contract either moves
reference-marketing into the separate opt‑in flow (like §9.1) or adopts
legitimate interest with required safeguards.
---
Nitpick comments:
In `@content/hub-managed-terms.de.md`:
- Line 52: The genitive forms are inconsistent: in the sentence "zeitlich auf
die Dauer des Vertrags beschränkte Rechte" (currently in the line with "des
Vertrags"), "des Vertrags" is used, while "des Vertrages" appears elsewhere;
unify the terminology by replacing all occurrences of "des Vertrags" or "des
Vertrages" throughout with the chosen form (e.g. set all to "des Vertrages"),
and adjust the three other occurrences mentioned (lines with "des
Vertrags"/"des Vertrages" at 169, 229, 231) accordingly, so that the file uses
the same genitive form throughout.
In `@content/hub-managed-terms.en.md`:
- Line 158: The cross-reference uses inconsistent notation: change "§ 6 (7)" in
the sentence "Contractual penalties forfeited by the Provider pursuant to [§ 6
(7)](`#sla`)" to match the subsection heading notation "6.7" used elsewhere;
update the link text to "[6.7](`#sla`)" (or alternatively change the heading to
the § notation) so the anchor [`#sla`] remains the same and the document uses a
consistent subsection format.
- Around line 50-51: Update §3.11 to add a retention limit and a verification
right: amend the paragraph following "The Provider is entitled to collect..." to
state aggregated usage statistics will be retained only as long as necessary and
specify a maximum retention period (e.g., "not exceeding 24 months"), and add a
sentence granting Customers the right to request confirmation that collected
metrics remain aggregated and do not contain personal data (e.g., "Customers may
request periodic certification or verification that data is aggregated and
contains no personal identifiers"); reference §3.11 when adding these two short
clauses and ensure subcontractor processing language remains unchanged.
No description provided.